If you're one of those people who refuses to say "yes" to the
unknown hostkey warning the first time you ssh to one of our shell machines,
here are fingerprints for the hostkeys used on all machines in the shell
pool (unix.club.cc.cmu.edu):

An alternative that might avoid this whole issue would be to
kinit on a machine you trust using your club principal, then ssh to one of our
machines using an ssh client that is kerberos-aware. Our sshd is also
kerberos-enabled, and you should be able to log in without a password.
As one might expect, there are more than a few quirks in the kerberized
ssh negotiation process, so not all clients may be able to log into our
machines using this method.